Related Posts
Anyone from DELOITTE or SUTHERLAND?
Additional Posts in Risk Assurance
New to Fishbowl?
Download the Fishbowl app to
unlock all discussions on Fishbowl.
unlock all discussions on Fishbowl.
Anyone from DELOITTE or SUTHERLAND?
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Download the Fishbowl app to unlock all discussions on Fishbowl.
Copy and paste embed code on your site
Scan your QR code to download
Fishbowl app on your mobile
For key report testing, I have looked at the scripts that are used to run the reports. If there has been no change to the script for years, we have been able to persuade all parties that the report can be benchmarked. The first year you benchmark, you still have to go through the full testing process but after that, you can just confirm that the script is unchanged year over year.
Thanks for your response and example. Does this procedure apply to all types of key reports (standard vs. third party vs. custom) or are there different procedures you’ll perform based on the type of report? This is a “new” SEC company going into its 4th year of SOX testing. How established does the company SOX program have to be to determine the script have not changed year over year?
Benchmarking guidelines have gotten really strict lately with the increased focus on completeness and accuracy considerations. Overall, if you can prove that underlying code/logic of the setup of the report hasn’t changed, you can continue to leverage the testing done the first time for three years. The only benefit is that you don’t need to test the code logic again once you baseline it. But you still need to test the front end parameters applied and check that the output wasn’t modified etc. so not too much savings
I’m new to the firm and kinda asked around and there isn’t a guideline. I’m also not an IT auditor so just trying to gather as much info as I can before i speak with the IT folks who actually do the work.
Mentor
Can you elaborate a bit more on what you mean by benchmarking or baselining KRs, ITACs, or ITGCs?
Obtaining a change management log for the systems involved and relying on PY testing - which will be used as the baseline year - for the next 3 or so years as long as there’s been no changes to the system logic